Your Gmail Account is Hacked - Tips to Protect Your Account !

Beware, Gmail users: a new online scam, termed "Gmail phishing", is targeting you.

This phishing scam was discovered by Mark Maunder, CEO of the WordPress security service Wordfence.

He says that the scam has managed to convince even "experienced technical users", and that it is targeting other services in addition to Gmail.

The Gmail phishing works like this: an attacker sends an email to your Gmail account from someone you know whose account has already been hacked. The email may include an attachment that looks like something you previously sent to that person, and it is likely to have a relevant subject line.

When you click on the image/attachment, you expect Gmail to show a preview of the attachment. Instead, a new tab opens and prompts you to sign in to Gmail again.

At this point nothing seems fishy, because you recognize the sender and the attachment.

So, once you sign in, you fall into the trap laid by the hacker. Victims are unlikely to notice the hack easily, as a glance at the location bar shows '' in there.

Once the hackers get into your account, they have complete access to all the emails you have sent and received. Chances are quite high that, once they control the email address, they can also compromise a wide variety of other services, such as Google Drive, and use the password reset mechanism to access other accounts that you have connected to that email address.

So, how do you protect yourself from such attacks?

When you sign in to any Google service or website, check the browser location bar: verify the protocol first, then verify the hostname. Make sure that there is nothing before the hostname '' other than 'https://' and the lock symbol. You should also take special note of the green color and lock symbol that appear on the left. If you can't verify both the protocol and the hostname, stop and consider what you just clicked on to get to that sign-in page.
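The same check can be written down as code. The following is an added example, not part of the original article: it applies the protocol-then-hostname check to a location-bar string. The function name `checkSignInUrl`, the expected hostname `accounts.google.com` and the sample strings are assumptions made for illustration.

```javascript
// Added example. EXPECTED_HOST is an assumption; the article does not name the hostname.
const EXPECTED_HOST = "accounts.google.com";

function checkSignInUrl(locationBar, expectedHost = EXPECTED_HOST) {
  const problems = [];
  const text = locationBar.trim();

  // 1. Protocol: the string must begin with "https://", with nothing before it.
  if (!text.toLowerCase().startsWith("https://")) {
    problems.push("does not start with https://");
  }

  let url;
  try {
    url = new URL(text);
  } catch (err) {
    problems.push("not a parseable URL");
    return { ok: false, problems };
  }

  // 2. Nothing between "https://" and the hostname: in "name@host" the
  //    familiar-looking name comes first, but the browser connects to host.
  if (url.username !== "" || url.password !== "") {
    problems.push("text before '@' precedes the real hostname");
  }

  // 3. Hostname: exact match only. Starting with, or merely containing,
  //    the expected name is not enough.
  if (url.hostname !== expectedHost.toLowerCase()) {
    problems.push(`hostname is '${url.hostname}', expected '${expectedHost}'`);
  }

  return { ok: problems.length === 0, problems };
}

// Constructed sample inputs (not taken from the article).
const samples = [
  "https://accounts.google.com/signin",
  "http://accounts.google.com/signin",
  "other-scheme:https://accounts.google.com/signin",
  "https://accounts.google.com@login.example.net/signin",
  "https://accounts.google.com.login.example.net/signin",
];
for (const s of samples) {
  const r = checkSignInUrl(s);
  console.log(r.ok ? "OK  " : "STOP", s, r.problems.join("; "));
}
```

Only the first sample passes; each of the others fails on the protocol, the hostname, or both, even though the expected name is visible somewhere in the string.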

You can also enable two-factor authentication on every service you use where it is available. Enabling two-factor authentication makes it much more difficult for an attacker to sign in to a service that you use, even if they manage to steal your password using this technique.